Sophos Logo

Sophos adds Lets Encrypt support to UTM9

Hello everyone

Sorry I have been away for a while life has been crazy I have a new addition to the family ! my son was born on Christmas day 2018 what an adventure it has been so far I plan to be back to my regular blogger/YouTuber self after some time to take it all in! thanks for sticking with me !.

Sophos has released a new version to the their UTM 9 appliance version 9.600 now includes Lets Encrypt support. If you don’t know Lets Encrypt is a project that is lead by some of the biggest names in tech. With this project you can get a free SSL certificate for your site the catch is they expire every 90 days so you need a script that auto renews them for you which is included in the app.

To generate the certificate is very simple using webadmin follow the below screenshots

New certificate button
add certificate pane
new certificate pane
certificate in list

Once you finish these steps the UTM will reach out to the Lets Encrypt server to get the certificate generated !. Once the certificate is generated you will be able to apply it to the web-server protection module while hosting your web-servers behind the UTM. This allows the UTM to host the SQL certificate instead of having a certificate on each server which can be a nightmare to administer.The UTM will take care of re-newing the certificate for you with LetsEncrypt so no need to worry about that.

For more information on lets encrypt find them @

Please let me know if you need any help or have any questions !

2 thoughts on “Sophos adds Lets Encrypt support to UTM9

  1. Thanks for the tutorial. We use SSO authentication for web filtering and that is blocking us from implementing this certificate.

    After hitting apply I get the message:
    “TCP port ’80’ is already in use by the AD SSO interfaces.”

    Do you have any thoughts on how to resolve this?

    1. Hey Matt

      Interesting scenario are you hosting the site behind your UTM with the Webserver protection?
      if so let’s encrypt should be directed to the site you are hosting so be sure that your virtual server setup is correct


      let’s encrypt would do a query for which should have an A DNS record going towards your UTM public IP then the virtual server would point the traffic
      to the proper server via the HTTP headers which should then get to the proper site

      If you’d like more help feel free to email me and Id love to help!

      Sean Mancini

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.